U.S. government embraces HTTPS
When it comes to the web, you expect U.S. Government sites to be very secure. Hell, with all of the money we taxpayers pay, the websites should be the most secure in the world. Unfortunately, this is not the case. You see, not only are many .gov websites not secure, they do not even universally use HTTPS. In other words, there are shopping sites more secure than those of the most powerful nation in the world.
Today, however, this changes. Barack Obama's White House has completed a new standard that all U.S. government websites will be forced to follow. While it is embarrassing that this is only happening in 2015, it is better late than never.
"As a provider of vital public services, the U.S. government has a responsibility to keep up with web standards and evolving best practices. As the birthplace of the Internet, the U.S. government has a special responsibility to support the Internet's long-term health and vitality. This new policy, and the leadership it demonstrates, will help the U.S. meet those responsibilities and help the Internet remain a safe place for its users around the world", says Eric Mill and Gray Brooks, White House representatives.
The representatives further explain, "OMB proposed the HTTPS-Only Standard in March and asked for comment from the public. During the public feedback period, OMB's proposal received numerous comments and suggestions, including statements from the Internet Architecture Board, the W3C Technical Architecture Group, the Electronic Frontier Foundation, the American Civil Liberties Union, the Open Technology Institute, Google, and Mozilla. The finalized OMB policy, officially named 'M-15-13: Policy to Require Secure Connections across Federal Websites and Web Services', is now a formal memorandum to executive agencies".
The adoption of HTTPS is good news, for sure. The bad news? The deadline for the government to universally adopt it is December of 2016 -- yes, the end of next year. Sigh. The way the government operates, there is a good chance this could be pushed out even further.
In a cool move, the standard has been published on GitHub here. Give it a read and tell me what you think in the comments.